Lagos, Nigeria --:-- WAT Open to select audits

Security Research · Vibe-coded SaaS · Responsible Disclosure

Finding the holes AI builders leave behind.

8 confirmed findings

4 targets tested

2 High severity findings

100% responsible disclosure

Selected Work

Case studies shaped by reliability, leverage, and product sense.

01 / Active research

Security research operation

VibeScan — AI-generated SaaS vulnerability research

Systematic responsible-disclosure research targeting AI-scaffolded SaaS. LLMs make the same auth and authorization mistakes repeatedly — I find them before others do.

8 confirmed findings 4 targets tested 2 High severity

Built a discovery pipeline (ProductHunt + revenue signals), a recipe library of reusable probe scripts, and a systematic methodology — turning predictable LLM-generated bug patterns into a structured research operation.

Bug classes: auth-tier mismatch, OAuth state forgery, SSRF, CORS misconfiguration, race conditions
Tooling: mitmproxy, custom Python probes, Supabase RLS bypass scripts, LinkFinder, jwt_tool
All findings disclosed privately with reproduction steps, impact quantification, and fix guidance

02 / Flagship

Policy intelligence platform

Africa Tech Policy Tracker

Built a 13-service backend that turns policy documents across African jurisdictions into structured intelligence for compliance teams.

Claude extraction with evals 2,500+ MAU Sole builder

Owned the extraction flow, dashboards, deployment stack, and operating playbooks so the product could run with confidence beyond the build phase.

Node.js, PostgreSQL, Docker, GitHub Actions, DigitalOcean, Cloudflare
Structured extraction with evals for accuracy and hallucination control
Built for non-technical operation after launch

Visit site ↗

03 / Live product

Prediction engine

BetSignal

A football value-betting platform built around a self-calibrating Poisson model, with monitoring and automated resolution workflows.

10 leagues 800+ team mappings 10,930 pageviews/mo

Designed as a multi-service system with a shared prediction core and the operational tooling needed to keep it accurate over time.

FastAPI, SQLite, Telegram bot, Prometheus, Grafana, Cloudflare
Recurring cron-based resolution and model recalibration

Visit site ↗

04 / Internal system

Sales intelligence agent

PrepCall

A Claude-powered presales tool that turns prospect signals into call-prep briefs and removes hours of manual research.

Low-friction inputs Predictable outputs Built for adoption

Designed for a non-technical sales team, with strong attention to trust, repeatability, and output quality.

Internal workflow automation with an operator-friendly interface
Reduced about two hours of research per call

View on GitHub ↗

05 / Production agent

Job-market intelligence agent

RoleRadar

Production AI agent that scrapes Greenhouse, Lever, and BambooHR ATS platforms, scores listings against a candidate profile, deduplicates, and delivers qualified matches to Telegram on a schedule.

GPT-4o-mini Eval-driven tuning Multi-ATS

Wrote evals on ranking accuracy, dedup rate, and false-positive rate to tune prompts and filters before and after deployment — iterated agent logic on real-world output data.

Python, Flask, SQLite, Telegram Bot API
BambooHR, Greenhouse, Lever ATS integrations
GPT-4o-mini with function calling for structured scoring
Deployed on personal DigitalOcean infrastructure

06 / Experimental build

Desktop agent

Clicky for macOS

Adapted an open-source desktop companion into a screen-aware agent with vision support, pointer overlays, and streaming speech.

Swift client Vision models Voice loop

Extended into a real-time desktop workflow with multimodal model support and multi-provider voice infrastructure.

Swift, ScreenCaptureKit, TypeScript Cloudflare Worker, AssemblyAI
Inline overlays, streaming transcription, and TTS playback

View on GitHub ↗

Systems Thinking

I know how these products are built — and exactly where the cracks appear.

Security research

Systematic bug hunting across auth, authorization, and connector surfaces.

mitmproxy, custom Python probes, JWT analysis, Supabase RLS testing, OAuth flow analysis, SSRF detection, CORS misconfiguration scanning, race condition probing.

Product engineering

Interfaces with strong structure, sharp implementation, and clear behavior.

React, Next.js, TypeScript, design systems, frontend architecture, and clean UI execution.

Backend systems

Services designed for reliability and growth.

Node.js, Python, FastAPI, Express, PostgreSQL, Redis, APIs, and service design.

AI and agents

Model-driven workflows shaped for real operation.

Claude Code, Anthropic API, OpenAI API, eval loops, extraction systems, agent workflows.

Working principle

Systematic, not creative. Proof before disclosure. Patch before publish.

Experience

A builder arc across infrastructure, delivery, mentorship, and technical sales.

2026 — Present

Founding Engineer / DevOps Lead

Tech Policy Advisory

Built production infrastructure from scratch, shipped CI/CD and observability, and delivered Claude-powered policy extraction running reliably in production since launch.

2023 — 2026

Pre-Sales Technical Specialist

DataFlex Nigeria

Built internal AI and automation systems while supporting enterprise deals and translating technical complexity into clear decisions.

2022 — 2024

Lead Mentor / Software Engineer

Springboard USA

Led a nine-engineer mentorship cohort, set review and deployment standards, and helped distributed teams build with more confidence.

2019 — 2022

Software Developer, from Intern to Lead

AppSwift

Grew from intern to lead while owning architecture, product builds, and production deployments across multiple client projects.

Writing and Inputs

Writing in public. Learning in motion.

builderswhosell.com

Security writeups, vulnerability methodology, and the offensive research behind hunting AI-generated SaaS.

Read the writeups ↗

Reading

The Lean Startup
The Mom Test
The Hard Thing About Hard Things

Listening

Naval Podcast
A Bit of Optimism